#--------------------------------------------------------------
# ssh-host-signer
#   create engine
#   generate ca cert
#   tune the ssh engine
#--------------------------------------------------------------
#resource "vault_mount" "ssh_host_signer" {
#  path                  = "ssh-host-signer"
#  type                  = "ssh"
#  description           = "SSH Host Signing Engine"
#  max_lease_ttl_seconds = 87600 * 3600
#}
#
#resource "vault_ssh_secret_backend_ca" "ssh_host_signer_ca" {
#  backend              = vault_mount.ssh_host_signer.path
#  generate_signing_key = false # change to true for new configuration
#  key_type             = "ssh-rsa"
#}